package com.fs.cv.realm;



import com.fs.cv.pojo.pojodao.Permission;
import com.fs.cv.pojo.pojodao.Role;
import com.fs.cv.pojo.pojodao.User;
import com.fs.cv.service.RoleService;
import com.fs.cv.service.UserService;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.*;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.session.Session;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.util.ByteSource;
import org.springframework.beans.factory.annotation.Autowired;

import java.util.HashSet;
import java.util.Set;

/**
 * @工程名: SSM教务管理系统项目
 * @描述：
 * @作者: 小梁子
 * @创建时间: 2020-09-28 00:36
 **/
public class MyShiroRealm extends AuthorizingRealm {

    @Autowired
    private UserService userService;
    @Autowired
    private RoleService roleService;
    /**
    * 方法描述:shiro授权方法
    * @param principalCollection
    * @return org.apache.shiro.authz.AuthorizationInfo
    * @author 周先华
    * @date 2020/9/28
    */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
    //拿到等待授权的用户账号
        String username = (String)principalCollection.getPrimaryPrincipal();
        User user = userService.queryUserInfoByUserName(username);
        //根据待授权的用户账号去系统数据库查询这个用户的授权信息
        Set<String> roles = new HashSet<>();
        Set<String> permission = new HashSet<>();
        //收集角色权限信息
        for (Role role:user.getRoles()) {
            roles.add(role.getName());
            Role role1=roleService.queryRoleInfoByRoleId(role.getRoleId());
            if (role1.getPermissions()!=null){
                for (Permission per:role1.getPermissions()) {
                    permission.add(per.getName());
                }

            }
        }
        System.out.println("**********************");
        System.out.println(roles);
        System.out.println("**********************");
        System.out.println(permission);
        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
        info.addRoles(roles);
        info.addStringPermissions(permission);
        return info;
    }
/**
* 方法描述:shiro认证方法，用户登录时，调用shiro的login方法，会自动调用这个方法，
 * 用来验证用户在系统里面的信息是否存在
* @param authenticationToken
* @return org.apache.shiro.authc.AuthenticationInfo
* @author 周先华
* @date 2020/9/28
*/
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        //拿到需要认证的用户账号
        String username = (String)authenticationToken.getPrincipal();
        //根据用户账号到系统中查询用户信息
        User user = userService.queryUserInfoByUserName(username);

        if (user == null) {
            throw new UnknownAccountException("账号不存在，请重试");
        }
        //将用户信息存入shiro的session中，key为user
        Session session = SecurityUtils.getSubject().getSession();
        //设置系统超时时间
//        session.setTimeout(6000);
        session.setAttribute("user",user);
        //构造认证信息，使用用户账号，密码，realm名, salt

        String realmName = this.getName();
        ByteSource bytes = ByteSource.Util.bytes(user.getUserUserName());
        SimpleAuthenticationInfo info = new SimpleAuthenticationInfo(user.getUserUserName(), user.getUserPassword(), bytes, realmName);
        return info;
    }
}
